Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-4840 | 1 Usememos | 1 Memos | 2023-01-05 | N/A | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1. | |||||
| CVE-2022-4839 | 1 Usememos | 1 Memos | 2023-01-05 | N/A | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1. | |||||
| CVE-2022-47968 | 1 Linuxserver | 1 Heimdall Application Dashboard | 2023-01-05 | N/A | 5.4 MEDIUM |
| Heimdall Application Dashboard through 2.5.4 allows reflected and stored XSS via "Application name" to the "Add application" page. The stored XSS will be triggered in the "Application list" page. | |||||
| CVE-2021-4292 | 1 Openmrs | 1 Admin Ui Module | 2023-01-05 | N/A | 6.1 MEDIUM |
| A vulnerability was found in OpenMRS Admin UI Module up to 1.4.x. It has been rated as problematic. This issue affects some unknown processing of the file omod/src/main/webapp/pages/metadata/privileges/privilege.gsp of the component Manage Privilege Page. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 1.5.0 is able to address this issue. The name of the patch is 4f8565425b7c74128dec9ca46dfbb9a3c1c24911. It is recommended to upgrade the affected component. The identifier VDB-216917 was assigned to this vulnerability. | |||||
| CVE-2022-4727 | 1 Openmrs | 1 Appointment Scheduling Module | 2023-01-05 | N/A | 6.1 MEDIUM |
| A vulnerability, which was classified as problematic, was found in OpenMRS Appointment Scheduling Module up to 1.16.x. This affects the function getNotes of the file api/src/main/java/org/openmrs/module/appointmentscheduling/AppointmentRequest.java of the component Notes Handler. The manipulation of the argument notes leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.17.0 is able to address this issue. The name of the patch is 2ccbe39c020809765de41eeb8ee4c70b5ec49cc8. It is recommended to upgrade the affected component. The identifier VDB-216741 was assigned to this vulnerability. | |||||
| CVE-2022-4730 | 1 Graphite Project | 1 Graphite | 2023-01-05 | N/A | 5.4 MEDIUM |
| A vulnerability was found in Graphite Web. It has been classified as problematic. Affected is an unknown function of the component Absolute Time Range Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 2f178f490e10efc03cd1d27c72f64ecab224eb23. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216744. | |||||
| CVE-2022-4729 | 1 Graphite Project | 1 Graphite | 2023-01-05 | N/A | 5.4 MEDIUM |
| A vulnerability was found in Graphite Web and classified as problematic. This issue affects some unknown processing of the component Template Name Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 2f178f490e10efc03cd1d27c72f64ecab224eb23. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216743. | |||||
| CVE-2022-4728 | 1 Graphite Project | 1 Graphite | 2023-01-05 | N/A | 5.4 MEDIUM |
| A vulnerability has been found in Graphite Web and classified as problematic. This vulnerability affects unknown code of the component Cookie Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 2f178f490e10efc03cd1d27c72f64ecab224eb23. It is recommended to apply a patch to fix this issue. VDB-216742 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-36664 | 1 Adiscon | 1 Password Manager For Iis | 2023-01-05 | N/A | 6.1 MEDIUM |
| Password Manager for IIS 2.0 has a cross-site scripting (XSS) vulnerability via the /isapi/PasswordManager.dll ResultURL parameter. | |||||
| CVE-2022-4733 | 1 Open-emr | 1 Openemr | 2023-01-05 | N/A | 4.8 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.0.2. | |||||
| CVE-2022-3835 | 1 Kwayyinfotech | 1 Kwayy Html Sitemap | 2023-01-05 | N/A | 4.8 MEDIUM |
| The Kwayy HTML Sitemap WordPress plugin before 4.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2022-3840 | 1 Wp-glogin | 1 Login For Google Apps | 2023-01-05 | N/A | 4.8 MEDIUM |
| The Login for Google Apps WordPress plugin before 3.4.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2022-4691 | 1 Usememos | 1 Memos | 2023-01-05 | N/A | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0. | |||||
| CVE-2022-4695 | 1 Usememos | 1 Memos | 2023-01-05 | N/A | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0. | |||||
| CVE-2022-4694 | 1 Usememos | 1 Memos | 2023-01-05 | N/A | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0. | |||||
| CVE-2022-4110 | 1 Eventify Project | 1 Eventify | 2023-01-05 | N/A | 4.8 MEDIUM |
| The Eventify™ WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2021-30134 | 6 Ht Slider Range For Amazon Affiliates Project, Php Curl Class Project, Ptwooplugins and 3 more | 6 Ht Slider Range For Amazon Affiliates, Php Curl Class, Invoicing With Invoicexpress For Woocommerce and 3 more | 2023-01-04 | N/A | 6.1 MEDIUM |
| php-mod/curl (a wrapper of the PHP cURL extension) before 2.3.2 allows XSS via the post_file_path_upload.php key parameter and the POST data to post_multidimensional.php. | |||||
| CVE-2019-25084 | 1 Hide Files On Github Project | 1 Hide Files On Github | 2023-01-04 | N/A | 6.1 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in Hide Files on GitHub up to 2.x. This issue affects the function addEventListener of the file extension/options.js. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 3.0.0 is able to address this issue. The name of the patch is 9de0c57df81db1178e0e79431d462f6d9842742e. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216767. | |||||
| CVE-2022-4227 | 1 Booster | 3 Booster Elite For Woocommerce, Booster For Woocommerce, Booster Plus For Woocommerce | 2023-01-04 | N/A | 6.1 MEDIUM |
| The Booster for WooCommerce WordPress plugin before 5.6.3, Booster Plus for WooCommerce WordPress plugin before 6.0.0, Booster Elite for WooCommerce WordPress plugin before 6.0.0 do not escape some URLs and parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting | |||||
| CVE-2022-4197 | 1 10web | 1 Slider | 2023-01-04 | N/A | 4.8 MEDIUM |
| The Sliderby10Web WordPress plugin before 1.2.53 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||